<!DOCTYPE html>
<html lang=zh>
<head>
    <meta charset="utf-8">
    
    <title>第三十七章：基于SpringBoot架构以及参数装载完成接口安全认证 | 恒宇少年De成长之路</title>
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />
    <meta name="description" content="在上一章第三十六章：基于SpringBoot架构重写SpringMVC请求参数装载中我们说到了怎么去重写SpringMVC参数装载，从而来完成我们的需求。本章内容会在上一章的基础上进行修改！ 企业中接口编写是再频繁不过的事情了，现在接口已经不仅仅用于移动端来做数据服务了，一些管理平台也同样采用了这种方式来完成前后完全分离的模式。">
<meta name="keywords" content="SpringBoot">
<meta property="og:type" content="article">
<meta property="og:title" content="第三十七章：基于SpringBoot架构以及参数装载完成接口安全认证">
<meta property="og:url" content="http://blog.yuqiyu.com/spring-boot-chapter-37/index.html">
<meta property="og:site_name" content="恒宇少年De成长之路">
<meta property="og:description" content="在上一章第三十六章：基于SpringBoot架构重写SpringMVC请求参数装载中我们说到了怎么去重写SpringMVC参数装载，从而来完成我们的需求。本章内容会在上一章的基础上进行修改！ 企业中接口编写是再频繁不过的事情了，现在接口已经不仅仅用于移动端来做数据服务了，一些管理平台也同样采用了这种方式来完成前后完全分离的模式。">
<meta property="og:locale" content="zh-CN">
<meta property="og:image" content="http://upload-images.jianshu.io/upload_images/4461954-f1d4cb64234b160a.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240">
<meta property="og:updated_time" content="2018-01-23T15:33:23.110Z">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="第三十七章：基于SpringBoot架构以及参数装载完成接口安全认证">
<meta name="twitter:description" content="在上一章第三十六章：基于SpringBoot架构重写SpringMVC请求参数装载中我们说到了怎么去重写SpringMVC参数装载，从而来完成我们的需求。本章内容会在上一章的基础上进行修改！ 企业中接口编写是再频繁不过的事情了，现在接口已经不仅仅用于移动端来做数据服务了，一些管理平台也同样采用了这种方式来完成前后完全分离的模式。">
<meta name="twitter:image" content="http://upload-images.jianshu.io/upload_images/4461954-f1d4cb64234b160a.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240">
    

    
        <link rel="alternate" href="/" title="恒宇少年De成长之路" type="application/atom+xml" />
    

    

    <link rel="stylesheet" href="/libs/font-awesome/css/font-awesome.min.css">
    <link rel="stylesheet" href="/libs/open-sans/styles.css">
    <link rel="stylesheet" href="/libs/source-code-pro/styles.css">

    <link rel="stylesheet" href="/css/style.css">

    <script src="/libs/jquery/2.1.3/jquery.min.js"></script>
    
    
        <link rel="stylesheet" href="/libs/lightgallery/css/lightgallery.min.css">
    
    
        <link rel="stylesheet" href="/libs/justified-gallery/justifiedGallery.min.css">
    
    
    
    


</head>

<body>
    <div id="container">
        <header id="header">
    <div id="header-main" class="header-inner">
        <div class="outer">
            <a href="/" id="logo">
                <i class="logo"></i>
                <span class="site-title">恒宇少年De成长之路</span>
            </a>
            <nav id="main-nav">
                
                    <a class="main-nav-link" href="/.">首页</a>
                
                    <a class="main-nav-link" href="/archives">时间轴</a>
                
                    <a class="main-nav-link" href="/categories">文章专题</a>
                
                    <a class="main-nav-link" href="/tags">标签云</a>
                
                    <a class="main-nav-link" href="/about">关于我</a>
                
            </nav>
            
                
                <nav id="sub-nav">
                    <div class="profile" id="profile-nav">
                        <a id="profile-anchor" href="javascript:;">
                            <img class="avatar" src="/css/images/avatar.png" />
                            <i class="fa fa-caret-down"></i>
                        </a>
                    </div>
                </nav>
            
            <div id="search-form-wrap">

    <form class="search-form">
        <input type="text" class="ins-search-input search-form-input" placeholder="搜索" />
        <!--button type="submit" class="search-form-submit"></button-->
    </form>
    <div class="ins-search">
    <div class="ins-search-mask"></div>
    <div class="ins-search-container">
        <div class="ins-input-wrapper">
            <input type="text" class="ins-search-input" placeholder="想要查找什么..." />
            <span class="ins-close ins-selectable"><i class="fa fa-times-circle"></i></span>
        </div>
        <div class="ins-section-wrapper">
            <div class="ins-section-container"></div>
        </div>
    </div>
</div>
<script>
(function (window) {
    var INSIGHT_CONFIG = {
        TRANSLATION: {
            POSTS: '文章',
            PAGES: '页面',
            CATEGORIES: '分类',
            TAGS: '标签',
            UNTITLED: '(未命名)',
        },
        ROOT_URL: '/',
        CONTENT_URL: '/content.json',
    };
    window.INSIGHT_CONFIG = INSIGHT_CONFIG;
})(window);
</script>
<script src="/js/insight.js"></script>

</div>
        </div>
    </div>
    <div id="main-nav-mobile" class="header-sub header-inner">
        <table class="menu outer">
            <tr>
                
                    <td ><a  class="main-nav-link" href="/.">首页</a></td>
                
                    <td ><a  class="main-nav-link" href="/archives">时间轴</a></td>
                
                    <td ><a  class="main-nav-link" href="/categories">文章专题</a></td>
                
                    <td ><a  class="main-nav-link" href="/tags">标签云</a></td>
                
                    <td ><a  class="main-nav-link" href="/about">关于我</a></td>
                
                <td>
                    
    <div class="search-form">
        <input type="text" class="ins-search-input search-form-input" placeholder="搜索" />
    </div>

                </td>
            </tr>
        </table>
    </div>
</header>

        <div class="outer">
            
                

<aside id="profile">
    <div class="inner profile-inner">
        <div class="base-info profile-block">
            <img id="avatar" src="/css/images/avatar.png" />
            <h2 id="name">恒宇少年</h2>
            <h3 id="title">Java软件工程师 &amp; 程序猿</h3>
            <span id="location"><i class="fa fa-map-marker"></i>山东, 济南</span>
            <a id="follow" target="_blank" href="https://www.jianshu.com/u/092df3f77bca">关注我</a>
        </div>
        <div class="article-info profile-block">
            <div class="article-info-block">
                43
                <span>文章</span>
            </div>
            <div class="article-info-block">
                2
                <span>标签</span>
            </div>
        </div>
        
        <div class="profile-block social-links">
            <table>
                <tr>
                    
                    
                    <td>
                        <a href="http://github.com/ppoffice/hexo-theme-icarus" target="_blank" title="github" class=tooltip>
                            <i class="fa fa-github"></i>
                        </a>
                    </td>
                    
                    <td>
                        <a href="/" target="_blank" title="twitter" class=tooltip>
                            <i class="fa fa-twitter"></i>
                        </a>
                    </td>
                    
                    <td>
                        <a href="/" target="_blank" title="facebook" class=tooltip>
                            <i class="fa fa-facebook"></i>
                        </a>
                    </td>
                    
                    <td>
                        <a href="/" target="_blank" title="dribbble" class=tooltip>
                            <i class="fa fa-dribbble"></i>
                        </a>
                    </td>
                    
                    <td>
                        <a href="/" target="_blank" title="rss" class=tooltip>
                            <i class="fa fa-rss"></i>
                        </a>
                    </td>
                    
                </tr>
            </table>
        </div>
        
    </div>
</aside>

            
            <section id="main"><article id="post-spring-boot-chapter-37" class="article article-type-post" itemscope itemprop="blogPost">
    <div class="article-inner">
        
        
            <header class="article-header">
                
    
        <h1 class="article-title" itemprop="name">
            第三十七章：基于SpringBoot架构以及参数装载完成接口安全认证
        </h1>
    

                
                    <div class="article-meta">
                        
    <div class="article-date">
        <i class="fa fa-calendar"></i>
        <a href="/spring-boot-chapter-37/">
            <time datetime="2017-10-10T16:00:00.000Z" itemprop="datePublished">2017-10-11</time>
        </a>
    </div>


                        
    <div class="article-category">
    	<i class="fa fa-folder"></i>
        <a class="article-category-link" href="/categories/SpringBoot-核心技术/">SpringBoot 核心技术</a>
    </div>

                        
    <div class="article-tag">
        <i class="fa fa-tag"></i>
        <a class="tag-link" href="/tags/SpringBoot/">SpringBoot</a>
    </div>

                    </div>
                
            </header>
        
        
        <div class="article-entry" itemprop="articleBody">
        
            
            <p>在上一章<a href="http://www.jianshu.com/p/24ebb66c25cb" target="_blank" rel="noopener">第三十六章：基于SpringBoot架构重写SpringMVC请求参数装载</a>中我们说到了怎么去重写<code>SpringMVC</code>参数装载，从而来完成我们的需求。本章内容会在上一章的基础上进行修改！</p>
<p>企业中接口编写是再频繁不过的事情了，现在接口已经不仅仅用于移动端来做数据服务了，一些管理平台也同样采用了这种方式来完成前后完全分离的模式。<br><a id="more"></a><br>不管是接口也好、分离模式也好都会涉及到数据安全的问题，那我们怎么可以很好的避免我们的数据参数暴露呢？</p>
<h1 id="本章目标"><a href="#本章目标" class="headerlink" title="本章目标"></a>本章目标</h1><p>基于SpringBoot平台实现参数安全传输。</p>
<h1 id="SpringBoot-企业级核心技术学习专题"><a href="#SpringBoot-企业级核心技术学习专题" class="headerlink" title="SpringBoot 企业级核心技术学习专题"></a>SpringBoot 企业级核心技术学习专题</h1><table>
<thead>
<tr>
<th style="text-align:center">专题</th>
<th style="text-align:left">专题名称</th>
<th style="text-align:left">专题描述</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align:center">001</td>
<td style="text-align:left"><a href="http://www.jianshu.com/c/3f69deddbed3" target="_blank" rel="noopener">Spring Boot 核心技术</a></td>
<td style="text-align:left">讲解SpringBoot一些企业级层面的核心组件</td>
</tr>
<tr>
<td style="text-align:center">002</td>
<td style="text-align:left"><a href="https://gitee.com/hengboy/spring-boot-chapter" target="_blank" rel="noopener">Spring Boot 核心技术章节源码</a></td>
<td style="text-align:left">Spring Boot 核心技术简书每一篇文章码云对应源码</td>
</tr>
<tr>
<td style="text-align:center">003</td>
<td style="text-align:left"><a href="http://www.jianshu.com/c/1faac22666e7" target="_blank" rel="noopener">Spring Cloud 核心技术</a></td>
<td style="text-align:left">对Spring Cloud核心技术全面讲解</td>
</tr>
<tr>
<td style="text-align:center">004</td>
<td style="text-align:left"><a href="https://gitee.com/hengboy/spring-cloud-chapter" target="_blank" rel="noopener">Spring Cloud 核心技术章节源码</a></td>
<td style="text-align:left">Spring Cloud 核心技术简书每一篇文章对应源码</td>
</tr>
<tr>
<td style="text-align:center">005</td>
<td style="text-align:left"><a href="http://www.jianshu.com/c/ab4789177827" target="_blank" rel="noopener">QueryDSL 核心技术</a></td>
<td style="text-align:left">全面讲解QueryDSL核心技术以及基于SpringBoot整合SpringDataJPA</td>
</tr>
<tr>
<td style="text-align:center">006</td>
<td style="text-align:left"><a href="http://www.jianshu.com/c/f1b269bb2fd6" target="_blank" rel="noopener">SpringDataJPA 核心技术</a></td>
<td style="text-align:left">全面讲解SpringDataJPA核心技术</td>
</tr>
</tbody>
</table>
<h1 id="构建项目"><a href="#构建项目" class="headerlink" title="构建项目"></a>构建项目</h1><p>本章所需要的依赖比较少，我们添加相应的Web依赖即可，下面是pom.xml配置文件部分依赖内容：<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br></pre></td><td class="code"><pre><span class="line">&lt;dependencies&gt;</span><br><span class="line">        &lt;dependency&gt;</span><br><span class="line">            &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;</span><br><span class="line">            &lt;artifactId&gt;spring-boot-starter-web&lt;/artifactId&gt;</span><br><span class="line">        &lt;/dependency&gt;</span><br><span class="line"></span><br><span class="line">        &lt;dependency&gt;</span><br><span class="line">            &lt;groupId&gt;org.projectlombok&lt;/groupId&gt;</span><br><span class="line">            &lt;artifactId&gt;lombok&lt;/artifactId&gt;</span><br><span class="line">            &lt;optional&gt;true&lt;/optional&gt;</span><br><span class="line">        &lt;/dependency&gt;</span><br><span class="line">        &lt;dependency&gt;</span><br><span class="line">            &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;</span><br><span class="line">            &lt;artifactId&gt;spring-boot-starter-tomcat&lt;/artifactId&gt;</span><br><span class="line">            &lt;!--&lt;scope&gt;provided&lt;/scope&gt;--&gt;</span><br><span class="line">        &lt;/dependency&gt;</span><br><span class="line">        &lt;dependency&gt;</span><br><span class="line">            &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;</span><br><span class="line">            &lt;artifactId&gt;spring-boot-starter-test&lt;/artifactId&gt;</span><br><span class="line">            &lt;!--&lt;scope&gt;test&lt;/scope&gt;--&gt;</span><br><span class="line">        &lt;/dependency&gt;</span><br><span class="line"></span><br><span class="line">        &lt;!--fastjson支持--&gt;</span><br><span class="line">        &lt;dependency&gt;</span><br><span class="line">            &lt;groupId&gt;com.alibaba&lt;/groupId&gt;</span><br><span class="line">            &lt;artifactId&gt;fastjson&lt;/artifactId&gt;</span><br><span class="line">            &lt;version&gt;1.2.38&lt;/version&gt;</span><br><span class="line">        &lt;/dependency&gt;</span><br><span class="line">    &lt;/dependencies&gt;</span><br></pre></td></tr></table></figure></p>
<p>本章的实现思路是采用<code>SpringMvc拦截器</code>来完成指定注解的拦截，并且根据拦截做出安全属性的处理，再结合自定义的参数装载完成对应参数的赋值。</p>
<h2 id="ContentSecurityMethodArgumentResolver"><a href="#ContentSecurityMethodArgumentResolver" class="headerlink" title="ContentSecurityMethodArgumentResolver"></a>ContentSecurityMethodArgumentResolver</h2><p>我们先来创建一个参数装载实现类，该参数状态实现类继承至<code>BaseMethodArgumentResolver</code>，而<code>BaseMethodArgumentResolver</code>则是实现了<code>HandlerMethodArgumentResolver</code>接口完成一些父类的方法处理，代码如下所示：<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br><span class="line">80</span><br><span class="line">81</span><br><span class="line">82</span><br><span class="line">83</span><br><span class="line">84</span><br><span class="line">85</span><br><span class="line">86</span><br><span class="line">87</span><br><span class="line">88</span><br><span class="line">89</span><br><span class="line">90</span><br></pre></td><td class="code"><pre><span class="line">package com.yuqiyu.chapter37.resovler;</span><br><span class="line"></span><br><span class="line">import org.springframework.web.context.request.NativeWebRequest;</span><br><span class="line">import org.springframework.web.context.request.RequestAttributes;</span><br><span class="line">import org.springframework.web.method.support.HandlerMethodArgumentResolver;</span><br><span class="line">import org.springframework.web.servlet.HandlerMapping;</span><br><span class="line"></span><br><span class="line">import java.util.Collections;</span><br><span class="line">import java.util.HashMap;</span><br><span class="line">import java.util.Iterator;</span><br><span class="line">import java.util.Map;</span><br><span class="line"></span><br><span class="line">/**</span><br><span class="line"> * ===============================</span><br><span class="line"> * Created with IntelliJ IDEA.</span><br><span class="line"> * User：于起宇</span><br><span class="line"> * Date：2017/8/23</span><br><span class="line"> * Time：20:04</span><br><span class="line"> * 简书：http://www.jianshu.com/u/092df3f77bca</span><br><span class="line"> * ================================</span><br><span class="line"> */</span><br><span class="line">public abstract class BaseMethodArgumentResolver</span><br><span class="line">    implements HandlerMethodArgumentResolver</span><br><span class="line">&#123;</span><br><span class="line"></span><br><span class="line">    /**</span><br><span class="line">     * 获取指定前缀的参数：包括uri varaibles 和 parameters</span><br><span class="line">     *</span><br><span class="line">     * @param namePrefix</span><br><span class="line">     * @param request</span><br><span class="line">     * @return</span><br><span class="line">     * @subPrefix 是否截取掉namePrefix的前缀</span><br><span class="line">     */</span><br><span class="line">    protected Map&lt;String, String[]&gt; getPrefixParameterMap(String namePrefix, NativeWebRequest request, boolean subPrefix) &#123;</span><br><span class="line">        Map&lt;String, String[]&gt; result = new HashMap();</span><br><span class="line"></span><br><span class="line">        Map&lt;String, String&gt; variables = getUriTemplateVariables(request);</span><br><span class="line"></span><br><span class="line">        int namePrefixLength = namePrefix.length();</span><br><span class="line">        for (String name : variables.keySet()) &#123;</span><br><span class="line">            if (name.startsWith(namePrefix)) &#123;</span><br><span class="line"></span><br><span class="line">                //page.pn  则截取 pn</span><br><span class="line">                if (subPrefix) &#123;</span><br><span class="line">                    char ch = name.charAt(namePrefix.length());</span><br><span class="line">                    //如果下一个字符不是 数字 . _  则不可能是查询 只是前缀类似</span><br><span class="line">                    if (illegalChar(ch)) &#123;</span><br><span class="line">                        continue;</span><br><span class="line">                    &#125;</span><br><span class="line">                    result.put(name.substring(namePrefixLength + 1), new String[]&#123;variables.get(name)&#125;);</span><br><span class="line">                &#125; else &#123;</span><br><span class="line">                    result.put(name, new String[]&#123;variables.get(name)&#125;);</span><br><span class="line">                &#125;</span><br><span class="line">            &#125;</span><br><span class="line">        &#125;</span><br><span class="line"></span><br><span class="line">        Iterator&lt;String&gt; parameterNames = request.getParameterNames();</span><br><span class="line">        while (parameterNames.hasNext()) &#123;</span><br><span class="line">            String name = parameterNames.next();</span><br><span class="line">            if (name.startsWith(namePrefix)) &#123;</span><br><span class="line">                //page.pn  则截取 pn</span><br><span class="line">                if (subPrefix) &#123;</span><br><span class="line">                    char ch = name.charAt(namePrefix.length());</span><br><span class="line">                    //如果下一个字符不是 数字 . _  则不可能是查询 只是前缀类似</span><br><span class="line">                    if (illegalChar(ch)) &#123;</span><br><span class="line">                        continue;</span><br><span class="line">                    &#125;</span><br><span class="line">                    result.put(name.substring(namePrefixLength + 1), request.getParameterValues(name));</span><br><span class="line">                &#125; else &#123;</span><br><span class="line">                    result.put(name, request.getParameterValues(name));</span><br><span class="line">                &#125;</span><br><span class="line">            &#125;</span><br><span class="line">        &#125;</span><br><span class="line"></span><br><span class="line">        return result;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    private boolean illegalChar(char ch) &#123;</span><br><span class="line">        return ch != &apos;.&apos; &amp;&amp; ch != &apos;_&apos; &amp;&amp; !(ch &gt;= &apos;0&apos; &amp;&amp; ch &lt;= &apos;9&apos;);</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">    @SuppressWarnings(&quot;unchecked&quot;)</span><br><span class="line">    protected final Map&lt;String, String&gt; getUriTemplateVariables(NativeWebRequest request) &#123;</span><br><span class="line">        Map&lt;String, String&gt; variables =</span><br><span class="line">                (Map&lt;String, String&gt;) request.getAttribute(</span><br><span class="line">                        HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE, RequestAttributes.SCOPE_REQUEST);</span><br><span class="line">        return (variables != null) ? variables : Collections.&lt;String, String&gt;emptyMap();</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure></p>
<p>下面我们主要来看看<code>ContentSecurityMethodArgumentResolver</code>编码与我们上一章<a href="http://www.jianshu.com/p/24ebb66c25cb" target="_blank" rel="noopener">第三十六章：基于SpringBoot架构重写SpringMVC请求参数装载</a>有什么区别，实现思路几乎是一样的，只是做部分内容做出了修改，代码如下所示：<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br><span class="line">80</span><br><span class="line">81</span><br><span class="line">82</span><br><span class="line">83</span><br><span class="line">84</span><br><span class="line">85</span><br><span class="line">86</span><br><span class="line">87</span><br><span class="line">88</span><br><span class="line">89</span><br><span class="line">90</span><br><span class="line">91</span><br><span class="line">92</span><br><span class="line">93</span><br><span class="line">94</span><br><span class="line">95</span><br><span class="line">96</span><br><span class="line">97</span><br><span class="line">98</span><br><span class="line">99</span><br><span class="line">100</span><br><span class="line">101</span><br><span class="line">102</span><br><span class="line">103</span><br><span class="line">104</span><br><span class="line">105</span><br><span class="line">106</span><br><span class="line">107</span><br><span class="line">108</span><br><span class="line">109</span><br><span class="line">110</span><br><span class="line">111</span><br><span class="line">112</span><br><span class="line">113</span><br><span class="line">114</span><br><span class="line">115</span><br><span class="line">116</span><br><span class="line">117</span><br><span class="line">118</span><br><span class="line">119</span><br><span class="line">120</span><br><span class="line">121</span><br><span class="line">122</span><br><span class="line">123</span><br><span class="line">124</span><br><span class="line">125</span><br><span class="line">126</span><br><span class="line">127</span><br><span class="line">128</span><br><span class="line">129</span><br><span class="line">130</span><br><span class="line">131</span><br><span class="line">132</span><br><span class="line">133</span><br><span class="line">134</span><br><span class="line">135</span><br><span class="line">136</span><br><span class="line">137</span><br><span class="line">138</span><br><span class="line">139</span><br><span class="line">140</span><br><span class="line">141</span><br><span class="line">142</span><br><span class="line">143</span><br><span class="line">144</span><br><span class="line">145</span><br><span class="line">146</span><br><span class="line">147</span><br><span class="line">148</span><br><span class="line">149</span><br><span class="line">150</span><br><span class="line">151</span><br><span class="line">152</span><br><span class="line">153</span><br><span class="line">154</span><br><span class="line">155</span><br><span class="line">156</span><br><span class="line">157</span><br><span class="line">158</span><br><span class="line">159</span><br><span class="line">160</span><br><span class="line">161</span><br><span class="line">162</span><br><span class="line">163</span><br><span class="line">164</span><br><span class="line">165</span><br><span class="line">166</span><br><span class="line">167</span><br><span class="line">168</span><br><span class="line">169</span><br><span class="line">170</span><br><span class="line">171</span><br><span class="line">172</span><br><span class="line">173</span><br><span class="line">174</span><br><span class="line">175</span><br><span class="line">176</span><br><span class="line">177</span><br><span class="line">178</span><br><span class="line">179</span><br><span class="line">180</span><br><span class="line">181</span><br><span class="line">182</span><br><span class="line">183</span><br><span class="line">184</span><br><span class="line">185</span><br><span class="line">186</span><br><span class="line">187</span><br><span class="line">188</span><br><span class="line">189</span><br><span class="line">190</span><br><span class="line">191</span><br><span class="line">192</span><br><span class="line">193</span><br><span class="line">194</span><br><span class="line">195</span><br><span class="line">196</span><br><span class="line">197</span><br><span class="line">198</span><br><span class="line">199</span><br><span class="line">200</span><br><span class="line">201</span><br><span class="line">202</span><br><span class="line">203</span><br><span class="line">204</span><br><span class="line">205</span><br><span class="line">206</span><br><span class="line">207</span><br><span class="line">208</span><br><span class="line">209</span><br><span class="line">210</span><br><span class="line">211</span><br><span class="line">212</span><br><span class="line">213</span><br><span class="line">214</span><br><span class="line">215</span><br><span class="line">216</span><br><span class="line">217</span><br><span class="line">218</span><br><span class="line">219</span><br><span class="line">220</span><br><span class="line">221</span><br><span class="line">222</span><br><span class="line">223</span><br><span class="line">224</span><br><span class="line">225</span><br><span class="line">226</span><br><span class="line">227</span><br><span class="line">228</span><br><span class="line">229</span><br><span class="line">230</span><br><span class="line">231</span><br><span class="line">232</span><br><span class="line">233</span><br><span class="line">234</span><br><span class="line">235</span><br><span class="line">236</span><br><span class="line">237</span><br><span class="line">238</span><br><span class="line">239</span><br><span class="line">240</span><br><span class="line">241</span><br><span class="line">242</span><br><span class="line">243</span><br><span class="line">244</span><br><span class="line">245</span><br><span class="line">246</span><br><span class="line">247</span><br><span class="line">248</span><br><span class="line">249</span><br><span class="line">250</span><br><span class="line">251</span><br><span class="line">252</span><br><span class="line">253</span><br><span class="line">254</span><br><span class="line">255</span><br><span class="line">256</span><br><span class="line">257</span><br><span class="line">258</span><br><span class="line">259</span><br><span class="line">260</span><br><span class="line">261</span><br><span class="line">262</span><br><span class="line">263</span><br><span class="line">264</span><br><span class="line">265</span><br><span class="line">266</span><br><span class="line">267</span><br><span class="line">268</span><br><span class="line">269</span><br><span class="line">270</span><br><span class="line">271</span><br><span class="line">272</span><br><span class="line">273</span><br><span class="line">274</span><br><span class="line">275</span><br><span class="line">276</span><br><span class="line">277</span><br><span class="line">278</span><br><span class="line">279</span><br><span class="line">280</span><br><span class="line">281</span><br><span class="line">282</span><br><span class="line">283</span><br><span class="line">284</span><br><span class="line">285</span><br><span class="line">286</span><br><span class="line">287</span><br><span class="line">288</span><br><span class="line">289</span><br><span class="line">290</span><br><span class="line">291</span><br><span class="line">292</span><br><span class="line">293</span><br><span class="line">294</span><br><span class="line">295</span><br><span class="line">296</span><br><span class="line">297</span><br><span class="line">298</span><br><span class="line">299</span><br><span class="line">300</span><br><span class="line">301</span><br><span class="line">302</span><br><span class="line">303</span><br><span class="line">304</span><br><span class="line">305</span><br><span class="line">306</span><br><span class="line">307</span><br><span class="line">308</span><br><span class="line">309</span><br><span class="line">310</span><br><span class="line">311</span><br><span class="line">312</span><br><span class="line">313</span><br></pre></td><td class="code"><pre><span class="line">package com.yuqiyu.chapter37.resovler;</span><br><span class="line"></span><br><span class="line">import com.yuqiyu.chapter37.annotation.ContentSecurityAttribute;</span><br><span class="line">import com.yuqiyu.chapter37.constants.ContentSecurityConstants;</span><br><span class="line">import org.slf4j.Logger;</span><br><span class="line">import org.slf4j.LoggerFactory;</span><br><span class="line">import org.springframework.beans.BeanUtils;</span><br><span class="line">import org.springframework.core.MethodParameter;</span><br><span class="line">import org.springframework.core.annotation.AnnotationUtils;</span><br><span class="line">import org.springframework.core.convert.ConversionService;</span><br><span class="line">import org.springframework.core.convert.TypeDescriptor;</span><br><span class="line">import org.springframework.mock.web.MockHttpServletRequest;</span><br><span class="line">import org.springframework.util.StringUtils;</span><br><span class="line">import org.springframework.validation.BindException;</span><br><span class="line">import org.springframework.validation.DataBinder;</span><br><span class="line">import org.springframework.validation.Errors;</span><br><span class="line">import org.springframework.web.bind.ServletRequestDataBinder;</span><br><span class="line">import org.springframework.web.bind.WebDataBinder;</span><br><span class="line">import org.springframework.web.bind.support.WebDataBinderFactory;</span><br><span class="line">import org.springframework.web.context.request.NativeWebRequest;</span><br><span class="line">import org.springframework.web.method.support.ModelAndViewContainer;</span><br><span class="line"></span><br><span class="line">import javax.servlet.http.HttpServletRequest;</span><br><span class="line">import java.lang.annotation.Annotation;</span><br><span class="line">import java.lang.reflect.Field;</span><br><span class="line">import java.util.Enumeration;</span><br><span class="line">import java.util.Map;</span><br><span class="line"></span><br><span class="line">/**</span><br><span class="line"> * 自定义方法参数映射</span><br><span class="line"> * 实现了HandlerMethodArgumentResolver接口内的方法supportsParameter &amp; resolveArgument</span><br><span class="line"> * 通过supportsParameter方法判断仅存在@ContentSecurityAttribute注解的参数才会执行resolveArgument方法实现</span><br><span class="line"> * ===============================</span><br><span class="line"> * Created with IntelliJ IDEA.</span><br><span class="line"> * User：于起宇</span><br><span class="line"> * Date：2017/10/11</span><br><span class="line"> * Time：23:05</span><br><span class="line"> * 简书：http://www.jianshu.com/u/092df3f77bca</span><br><span class="line"> * ================================</span><br><span class="line"> */</span><br><span class="line">public class ContentSecurityMethodArgumentResolver</span><br><span class="line">    extends BaseMethodArgumentResolver</span><br><span class="line">&#123;</span><br><span class="line">    private Logger logger = LoggerFactory.getLogger(ContentSecurityMethodArgumentResolver.class);</span><br><span class="line">    /**</span><br><span class="line">     * 判断参数是否配置了@ContentSecurityAttribute注解</span><br><span class="line">     * 如果返回true则执行resolveArgument方法</span><br><span class="line">     * @param parameter</span><br><span class="line">     * @return</span><br><span class="line">     */</span><br><span class="line">    @Override</span><br><span class="line">    public boolean supportsParameter(MethodParameter parameter)</span><br><span class="line">    &#123;</span><br><span class="line">        return parameter.hasParameterAnnotation(ContentSecurityAttribute.class);</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    /**</span><br><span class="line">     * 执行参数映射</span><br><span class="line">     * @param parameter 参数对象</span><br><span class="line">     * @param mavContainer 参数集合</span><br><span class="line">     * @param request 本地请求对象</span><br><span class="line">     * @param binderFactory 绑定参数工厂对象</span><br><span class="line">     * @return</span><br><span class="line">     * @throws Exception</span><br><span class="line">     */</span><br><span class="line">    @Override</span><br><span class="line">    public Object resolveArgument(</span><br><span class="line">            MethodParameter parameter,</span><br><span class="line">            ModelAndViewContainer mavContainer,</span><br><span class="line">            NativeWebRequest request,</span><br><span class="line">            WebDataBinderFactory binderFactory) throws Exception</span><br><span class="line">    &#123;</span><br><span class="line">        //获取@ContentSecurityAttribute配置的value值，作为参数名称</span><br><span class="line">        String name = parameter.getParameterAnnotation(ContentSecurityAttribute.class).value();</span><br><span class="line">        /**</span><br><span class="line">         * 获取值</span><br><span class="line">         * 如果请求集合内存在则直接获取</span><br><span class="line">         * 如果不存在则调用createAttribute方法创建</span><br><span class="line">         */</span><br><span class="line">        Object target = (mavContainer.containsAttribute(name)) ?</span><br><span class="line">                mavContainer.getModel().get(name) : createAttribute(name, parameter, binderFactory, request);</span><br><span class="line">        /**</span><br><span class="line">         * 创建参数绑定</span><br><span class="line">         */</span><br><span class="line">        WebDataBinder binder = binderFactory.createBinder(request, target, name);</span><br><span class="line">        //获取返回值实例</span><br><span class="line">        target = binder.getTarget();</span><br><span class="line">        //如果存在返回值</span><br><span class="line">        if (target != null) &#123;</span><br><span class="line">            /**</span><br><span class="line">             * 设置返回值对象内的所有field得值，从request.getAttribute方法内获取</span><br><span class="line">             */</span><br><span class="line">            bindRequestAttributes(binder, request);</span><br><span class="line">            /**</span><br><span class="line">             * 调用@Valid验证参数有效性</span><br><span class="line">             */</span><br><span class="line">            validateIfApplicable(binder, parameter);</span><br><span class="line">            /**</span><br><span class="line">             * 存在参数绑定异常</span><br><span class="line">             * 抛出异常</span><br><span class="line">             */</span><br><span class="line">            if (binder.getBindingResult().hasErrors()) &#123;</span><br><span class="line">                if (isBindExceptionRequired(binder, parameter)) &#123;</span><br><span class="line">                    throw new BindException(binder.getBindingResult());</span><br><span class="line">                &#125;</span><br><span class="line">            &#125;</span><br><span class="line">        &#125;</span><br><span class="line">        /**</span><br><span class="line">         * 转换返回对象</span><br><span class="line">         */</span><br><span class="line">        target = binder.convertIfNecessary(binder.getTarget(), parameter.getParameterType());</span><br><span class="line">        //存放到model内</span><br><span class="line">        mavContainer.addAttribute(name, target);</span><br><span class="line"></span><br><span class="line">        return target;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    /**</span><br><span class="line">     * 绑定请求参数</span><br><span class="line">     * @param binder</span><br><span class="line">     * @param nativeWebRequest</span><br><span class="line">     * @throws Exception</span><br><span class="line">     */</span><br><span class="line">    protected void bindRequestAttributes(</span><br><span class="line">            WebDataBinder binder,</span><br><span class="line">            NativeWebRequest nativeWebRequest) throws Exception &#123;</span><br><span class="line"></span><br><span class="line">        /**</span><br><span class="line">         * 获取返回对象实例</span><br><span class="line">         */</span><br><span class="line">        Object obj = binder.getTarget();</span><br><span class="line">        /**</span><br><span class="line">         * 获取返回值类型</span><br><span class="line">         */</span><br><span class="line">        Class&lt;?&gt; targetType = binder.getTarget().getClass();</span><br><span class="line">        /**</span><br><span class="line">         * 转换本地request对象为HttpServletRequest对象</span><br><span class="line">         */</span><br><span class="line">        HttpServletRequest request =</span><br><span class="line">                nativeWebRequest.getNativeRequest(HttpServletRequest.class);</span><br><span class="line">        /**</span><br><span class="line">         * 获取所有attributes</span><br><span class="line">         */</span><br><span class="line">        Enumeration attributeNames = request.getAttributeNames();</span><br><span class="line">        /**</span><br><span class="line">         * 遍历设置值</span><br><span class="line">         */</span><br><span class="line">        while(attributeNames.hasMoreElements())</span><br><span class="line">        &#123;</span><br><span class="line">            //获取attribute name</span><br><span class="line">            String attributeName = String.valueOf(attributeNames.nextElement());</span><br><span class="line">            /**</span><br><span class="line">             * 仅处理ContentSecurityConstants.ATTRIBUTE_PREFFIX开头的attribute</span><br><span class="line">             */</span><br><span class="line">            if(!attributeName.startsWith(ContentSecurityConstants.ATTRIBUTE_PREFFIX))</span><br><span class="line">            &#123;</span><br><span class="line">                continue;</span><br><span class="line">            &#125;</span><br><span class="line">            //获取字段名</span><br><span class="line">            String fieldName = attributeName.replace(ContentSecurityConstants.ATTRIBUTE_PREFFIX,&quot;&quot;);</span><br><span class="line">            Field field = null;</span><br><span class="line">            try &#123;</span><br><span class="line">                field = targetType.getDeclaredField(fieldName);</span><br><span class="line">            &#125;</span><br><span class="line">            /**</span><br><span class="line">             * 如果返回对象类型内不存在字段</span><br><span class="line">             * 则从父类读取</span><br><span class="line">             */</span><br><span class="line">            catch (NoSuchFieldException e)</span><br><span class="line">            &#123;</span><br><span class="line">                try &#123;</span><br><span class="line">                    field = targetType.getSuperclass().getDeclaredField(fieldName);</span><br><span class="line">                &#125;catch (NoSuchFieldException e2)</span><br><span class="line">                &#123;</span><br><span class="line">                    continue;</span><br><span class="line">                &#125;</span><br><span class="line">                /**</span><br><span class="line">                 * 如果父类还不存在，则直接跳出循环</span><br><span class="line">                 */</span><br><span class="line">                if(StringUtils.isEmpty(field)) &#123;</span><br><span class="line">                    continue;</span><br><span class="line">                &#125;</span><br><span class="line">            &#125;</span><br><span class="line">            /**</span><br><span class="line">             * 设置字段的值</span><br><span class="line">             */</span><br><span class="line">            field.setAccessible(true);</span><br><span class="line">            String fieldClassName = field.getType().getSimpleName();</span><br><span class="line">            Object attributeObj = request.getAttribute(attributeName);</span><br><span class="line"></span><br><span class="line">            logger.info(&quot;映射安全字段：&#123;&#125;，字段类型：&#123;&#125;，字段内容：&#123;&#125;&quot;,fieldName,fieldClassName,attributeObj);</span><br><span class="line"></span><br><span class="line">            if(&quot;String&quot;.equals(fieldClassName)) &#123;</span><br><span class="line">                field.set(obj,attributeObj);</span><br><span class="line">            &#125;</span><br><span class="line">            else if(&quot;Integer&quot;.equals(fieldClassName))</span><br><span class="line">            &#123;</span><br><span class="line">                field.setInt(obj,Integer.valueOf(String.valueOf(attributeObj)));</span><br><span class="line">            &#125;</span><br><span class="line">            else&#123;</span><br><span class="line">                field.set(obj,attributeObj);</span><br><span class="line">            &#125;</span><br><span class="line">        &#125;</span><br><span class="line">        ServletRequestDataBinder servletBinder = (ServletRequestDataBinder) binder;</span><br><span class="line">        servletBinder.bind(new MockHttpServletRequest());</span><br><span class="line">    &#125;</span><br><span class="line">    /**</span><br><span class="line">     * Whether to raise a &#123;@link BindException&#125; on bind or validation errors.</span><br><span class="line">     * The default implementation returns &#123;@code true&#125; if the next method</span><br><span class="line">     * argument is not of type &#123;@link Errors&#125;.</span><br><span class="line">     *</span><br><span class="line">     * @param binder    the data binder used to perform data binding</span><br><span class="line">     * @param parameter the method argument</span><br><span class="line">     */</span><br><span class="line">    protected boolean isBindExceptionRequired(WebDataBinder binder, MethodParameter parameter) &#123;</span><br><span class="line">        int i = parameter.getParameterIndex();</span><br><span class="line">        Class&lt;?&gt;[] paramTypes = parameter.getMethod().getParameterTypes();</span><br><span class="line">        boolean hasBindingResult = (paramTypes.length &gt; (i + 1) &amp;&amp; Errors.class.isAssignableFrom(paramTypes[i + 1]));</span><br><span class="line"></span><br><span class="line">        return !hasBindingResult;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    /**</span><br><span class="line">     * Extension point to create the model attribute if not found in the model.</span><br><span class="line">     * The default implementation uses the default constructor.</span><br><span class="line">     *</span><br><span class="line">     * @param attributeName the name of the attribute, never &#123;@code null&#125;</span><br><span class="line">     * @param parameter     the method parameter</span><br><span class="line">     * @param binderFactory for creating WebDataBinder instance</span><br><span class="line">     * @param request       the current request</span><br><span class="line">     * @return the created model attribute, never &#123;@code null&#125;</span><br><span class="line">     */</span><br><span class="line">    protected Object createAttribute(String attributeName, MethodParameter parameter,</span><br><span class="line">                                     WebDataBinderFactory binderFactory, NativeWebRequest request) throws Exception &#123;</span><br><span class="line"></span><br><span class="line">        String value = getRequestValueForAttribute(attributeName, request);</span><br><span class="line"></span><br><span class="line">        if (value != null) &#123;</span><br><span class="line">            Object attribute = createAttributeFromRequestValue(value, attributeName, parameter, binderFactory, request);</span><br><span class="line">            if (attribute != null) &#123;</span><br><span class="line">                return attribute;</span><br><span class="line">            &#125;</span><br><span class="line">        &#125;</span><br><span class="line">        return BeanUtils.instantiateClass(parameter.getParameterType());</span><br><span class="line">    &#125;</span><br><span class="line">    /**</span><br><span class="line">     * Obtain a value from the request that may be used to instantiate the</span><br><span class="line">     * model attribute through type conversion from String to the target type.</span><br><span class="line">     * &lt;p&gt;The default implementation looks for the attribute name to match</span><br><span class="line">     * a URI variable first and then a request parameter.</span><br><span class="line">     *</span><br><span class="line">     * @param attributeName the model attribute name</span><br><span class="line">     * @param request       the current request</span><br><span class="line">     * @return the request value to try to convert or &#123;@code null&#125;</span><br><span class="line">     */</span><br><span class="line">    protected String getRequestValueForAttribute(String attributeName, NativeWebRequest request) &#123;</span><br><span class="line">        Map&lt;String, String&gt; variables = getUriTemplateVariables(request);</span><br><span class="line">        if (StringUtils.hasText(variables.get(attributeName))) &#123;</span><br><span class="line">            return variables.get(attributeName);</span><br><span class="line">        &#125; else if (StringUtils.hasText(request.getParameter(attributeName))) &#123;</span><br><span class="line">            return request.getParameter(attributeName);</span><br><span class="line">        &#125; else &#123;</span><br><span class="line">            return null;</span><br><span class="line">        &#125;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    /**</span><br><span class="line">     * Create a model attribute from a String request value (e.g. URI template</span><br><span class="line">     * variable, request parameter) using type conversion.</span><br><span class="line">     * &lt;p&gt;The default implementation converts only if there a registered</span><br><span class="line">     * &#123;@link org.springframework.core.convert.converter.Converter&#125; that can perform the conversion.</span><br><span class="line">     *</span><br><span class="line">     * @param sourceValue   the source value to create the model attribute from</span><br><span class="line">     * @param attributeName the name of the attribute, never &#123;@code null&#125;</span><br><span class="line">     * @param parameter     the method parameter</span><br><span class="line">     * @param binderFactory for creating WebDataBinder instance</span><br><span class="line">     * @param request       the current request</span><br><span class="line">     * @return the created model attribute, or &#123;@code null&#125;</span><br><span class="line">     * @throws Exception</span><br><span class="line">     */</span><br><span class="line">    protected Object createAttributeFromRequestValue(String sourceValue,</span><br><span class="line">                                                     String attributeName,</span><br><span class="line">                                                     MethodParameter parameter,</span><br><span class="line">                                                     WebDataBinderFactory binderFactory,</span><br><span class="line">                                                     NativeWebRequest request) throws Exception &#123;</span><br><span class="line">        DataBinder binder = binderFactory.createBinder(request, null, attributeName);</span><br><span class="line">        ConversionService conversionService = binder.getConversionService();</span><br><span class="line">        if (conversionService != null) &#123;</span><br><span class="line">            TypeDescriptor source = TypeDescriptor.valueOf(String.class);</span><br><span class="line">            TypeDescriptor target = new TypeDescriptor(parameter);</span><br><span class="line">            if (conversionService.canConvert(source, target)) &#123;</span><br><span class="line">                return binder.convertIfNecessary(sourceValue, parameter.getParameterType(), parameter);</span><br><span class="line">            &#125;</span><br><span class="line">        &#125;</span><br><span class="line">        return null;</span><br><span class="line">    &#125;</span><br><span class="line">    /**</span><br><span class="line">     * Validate the model attribute if applicable.</span><br><span class="line">     * &lt;p&gt;The default implementation checks for &#123;@code @javax.validation.Valid&#125;.</span><br><span class="line">     *</span><br><span class="line">     * @param binder    the DataBinder to be used</span><br><span class="line">     * @param parameter the method parameter</span><br><span class="line">     */</span><br><span class="line">    protected void validateIfApplicable(WebDataBinder binder, MethodParameter parameter) &#123;</span><br><span class="line">        Annotation[] annotations = parameter.getParameterAnnotations();</span><br><span class="line">        for (Annotation annot : annotations) &#123;</span><br><span class="line">            if (annot.annotationType().getSimpleName().startsWith(&quot;Valid&quot;)) &#123;</span><br><span class="line">                Object hints = AnnotationUtils.getValue(annot);</span><br><span class="line">                binder.validate(hints instanceof Object[] ? (Object[]) hints : new Object[]&#123;hints&#125;);</span><br><span class="line">            &#125;</span><br><span class="line">        &#125;</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure></p>
<h3 id="ContentSecurityAttribute"><a href="#ContentSecurityAttribute" class="headerlink" title="ContentSecurityAttribute"></a>ContentSecurityAttribute</h3><p>可以看到<code>supportsParameter</code>方法我们是完成了参数包含<code>ContentSecurityAttribute</code>注解才会做装载处理，也就是说只要参数配置了<code>ContentSecurityAttribute</code>注解才会去执行<code>resolveArgument</code>方法内的业务逻辑并做出相应的返回。注解内容如下所示：<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br></pre></td><td class="code"><pre><span class="line">package com.yuqiyu.chapter37.annotation;</span><br><span class="line"></span><br><span class="line">import java.lang.annotation.*;</span><br><span class="line"></span><br><span class="line">/**</span><br><span class="line"> * 配置该注解表示从request.attribute内读取对应实体参数值</span><br><span class="line"> * ========================</span><br><span class="line"> * Created with IntelliJ IDEA.</span><br><span class="line"> * User：恒宇少年</span><br><span class="line"> * Date：2017/10/11</span><br><span class="line"> * Time：23:02</span><br><span class="line"> * 码云：http://git.oschina.net/jnyqy</span><br><span class="line"> * ========================</span><br><span class="line"> */</span><br><span class="line">@Target(&#123;ElementType.PARAMETER&#125;)</span><br><span class="line">@Retention(RetentionPolicy.RUNTIME)</span><br><span class="line">@Documented</span><br><span class="line">public @interface ContentSecurityAttribute &#123;</span><br><span class="line">    /**</span><br><span class="line">     * 参数值</span><br><span class="line">     * 对应配置@ContentSecurityAttribute注解的参数名称即可</span><br><span class="line">     * @return</span><br><span class="line">     */</span><br><span class="line">    String value();</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure></p>
<p>在上面注解代码内我们添加了一个属性<code>value</code>，这个属性是配置的参数的映射名称，其实目的跟<code>@RequestParam</code>有几分相似，在我们配置使用的时候保持value与参数名称一致就可以了。<br>接下来我们还需要创建一个注解，因为我们不希望所有的请求都被做出处理！</p>
<h3 id="ContentSecurity"><a href="#ContentSecurity" class="headerlink" title="ContentSecurity"></a>ContentSecurity</h3><p>该注解配置在控制器内的方法上，只要配置了该注解就会被处理一些安全机制，我们先来看看该注解的代码，至于具体怎么使用以及内部做出了什么安全机制，一会我们再来详细讲解，代码如下：<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br></pre></td><td class="code"><pre><span class="line">package com.yuqiyu.chapter37.annotation;</span><br><span class="line"></span><br><span class="line">import com.yuqiyu.chapter37.enums.ContentSecurityAway;</span><br><span class="line"></span><br><span class="line">import java.lang.annotation.*;</span><br><span class="line"></span><br><span class="line">/**</span><br><span class="line"> * 配置开启安全</span><br><span class="line"> * ========================</span><br><span class="line"> * Created with IntelliJ IDEA.</span><br><span class="line"> * User：恒宇少年</span><br><span class="line"> * Date：2017/10/11</span><br><span class="line"> * Time：22:55</span><br><span class="line"> * 码云：http://git.oschina.net/jnyqy</span><br><span class="line"> * ========================</span><br><span class="line"> */</span><br><span class="line">@Target(&#123; ElementType.METHOD&#125;)</span><br><span class="line">@Retention(RetentionPolicy.RUNTIME)</span><br><span class="line">@Documented</span><br><span class="line">public @interface ContentSecurity</span><br><span class="line">&#123;</span><br><span class="line">    /**</span><br><span class="line">     * 内容加密方式</span><br><span class="line">     * 默认DES</span><br><span class="line">     * @return</span><br><span class="line">     */</span><br><span class="line">    ContentSecurityAway away() default ContentSecurityAway.DES;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure></p>
<p>在注解内我们添加了<code>away</code>属性方法，而该属性方法我们采用了一个枚举的方式完成，我们先来看看枚举的值再来说下作用，如下所示：<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br></pre></td><td class="code"><pre><span class="line">package com.yuqiyu.chapter37.enums;</span><br><span class="line"></span><br><span class="line">/**</span><br><span class="line"> * 内容安全处理方式</span><br><span class="line"> * 目前可配置：DES</span><br><span class="line"> * 可扩展RSA、JWT、OAuth2等</span><br><span class="line"> * ========================</span><br><span class="line"> * Created with IntelliJ IDEA.</span><br><span class="line"> * User：恒宇少年</span><br><span class="line"> * Date：2017/10/11</span><br><span class="line"> * Time：22:55</span><br><span class="line"> * 码云：http://git.oschina.net/jnyqy</span><br><span class="line"> * ========================</span><br><span class="line"> */</span><br><span class="line">public enum ContentSecurityAway &#123;</span><br><span class="line">    DES</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure></p>
<p>可以看到<code>ContentSecurityAway</code>内目前我们仅声明了一个类型<code>DES</code>，其实这个枚举创建是为了以后的扩展，如果说以后我们的加密方式会存在多种，只需要在<code>ContentSecurityAway</code>添加对应的配置，以及处理安全机制部分做出调整，其他部分不需要做出任何修改。<br>那现在我们可以说万事俱备就差处理安全机制了，在文章的开头有说到，我们需要采用拦截器来完成安全的认证，那么我们接下来看看拦截器的实现。</p>
<h3 id="ContentSecurityInterceptor"><a href="#ContentSecurityInterceptor" class="headerlink" title="ContentSecurityInterceptor"></a>ContentSecurityInterceptor</h3><p><code>ContentSecurityInterceptor</code>拦截器实现<code>HandlerInterceptor</code>接口，并且需要我们重写内部的三个方法，分别是<code>preHandle</code>、<code>postHandle</code>、<code>afterCompletion</code>，我们本章其实只需要将安全认证处理编写在<code>preHandle</code>方法内，因为我们需要在请求<code>Controller</code>之前做出认证，下面我们还是先把代码贴出来，如下所示：<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br><span class="line">80</span><br><span class="line">81</span><br><span class="line">82</span><br><span class="line">83</span><br><span class="line">84</span><br><span class="line">85</span><br><span class="line">86</span><br><span class="line">87</span><br><span class="line">88</span><br><span class="line">89</span><br><span class="line">90</span><br><span class="line">91</span><br><span class="line">92</span><br><span class="line">93</span><br><span class="line">94</span><br><span class="line">95</span><br><span class="line">96</span><br><span class="line">97</span><br><span class="line">98</span><br><span class="line">99</span><br><span class="line">100</span><br><span class="line">101</span><br><span class="line">102</span><br><span class="line">103</span><br><span class="line">104</span><br><span class="line">105</span><br><span class="line">106</span><br><span class="line">107</span><br><span class="line">108</span><br><span class="line">109</span><br><span class="line">110</span><br><span class="line">111</span><br><span class="line">112</span><br><span class="line">113</span><br><span class="line">114</span><br><span class="line">115</span><br><span class="line">116</span><br><span class="line">117</span><br><span class="line">118</span><br><span class="line">119</span><br><span class="line">120</span><br><span class="line">121</span><br><span class="line">122</span><br><span class="line">123</span><br><span class="line">124</span><br><span class="line">125</span><br><span class="line">126</span><br><span class="line">127</span><br><span class="line">128</span><br><span class="line">129</span><br><span class="line">130</span><br><span class="line">131</span><br><span class="line">132</span><br><span class="line">133</span><br><span class="line">134</span><br><span class="line">135</span><br><span class="line">136</span><br><span class="line">137</span><br><span class="line">138</span><br><span class="line">139</span><br><span class="line">140</span><br><span class="line">141</span><br><span class="line">142</span><br><span class="line">143</span><br><span class="line">144</span><br><span class="line">145</span><br><span class="line">146</span><br><span class="line">147</span><br></pre></td><td class="code"><pre><span class="line">package com.yuqiyu.chapter37.interceptor;</span><br><span class="line"></span><br><span class="line">import com.alibaba.fastjson.JSON;</span><br><span class="line">import com.alibaba.fastjson.JSONObject;</span><br><span class="line">import com.yuqiyu.chapter37.annotation.ContentSecurity;</span><br><span class="line">import com.yuqiyu.chapter37.constants.ContentSecurityConstants;</span><br><span class="line">import com.yuqiyu.chapter37.utils.DES3Util;</span><br><span class="line">import org.slf4j.Logger;</span><br><span class="line">import org.slf4j.LoggerFactory;</span><br><span class="line">import org.springframework.util.StringUtils;</span><br><span class="line">import org.springframework.web.method.HandlerMethod;</span><br><span class="line">import org.springframework.web.servlet.HandlerInterceptor;</span><br><span class="line">import org.springframework.web.servlet.ModelAndView;</span><br><span class="line"></span><br><span class="line">import javax.servlet.http.HttpServletRequest;</span><br><span class="line">import javax.servlet.http.HttpServletResponse;</span><br><span class="line">import java.lang.reflect.Method;</span><br><span class="line">import java.util.Iterator;</span><br><span class="line"></span><br><span class="line">/**</span><br><span class="line"> * 安全认证拦截器</span><br><span class="line"> * ========================</span><br><span class="line"> * Created with IntelliJ IDEA.</span><br><span class="line"> * User：恒宇少年</span><br><span class="line"> * Date：2017/10/11</span><br><span class="line"> * Time：22:53</span><br><span class="line"> * 码云：http://git.oschina.net/jnyqy</span><br><span class="line"> * ========================</span><br><span class="line"> */</span><br><span class="line">public class ContentSecurityInterceptor</span><br><span class="line">    implements HandlerInterceptor</span><br><span class="line">&#123;</span><br><span class="line">    /**</span><br><span class="line">     * logback</span><br><span class="line">     */</span><br><span class="line">    private static Logger logger = LoggerFactory.getLogger(ContentSecurityInterceptor.class);</span><br><span class="line"></span><br><span class="line">    /**</span><br><span class="line">     * 请求之前处理加密内容</span><br><span class="line">     * @param request</span><br><span class="line">     * @param response</span><br><span class="line">     * @param handler</span><br><span class="line">     * @return</span><br><span class="line">     * @throws Exception</span><br><span class="line">     */</span><br><span class="line">    @Override</span><br><span class="line">    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception &#123;</span><br><span class="line"></span><br><span class="line">        //默认可以通过</span><br><span class="line">        boolean isPass = true;</span><br><span class="line"></span><br><span class="line">        /**</span><br><span class="line">         * 获取请求映射方法对象</span><br><span class="line">         */</span><br><span class="line">        HandlerMethod handlerMethod = (HandlerMethod) handler;</span><br><span class="line">        /**</span><br><span class="line">         * 获取访问方法实例对象</span><br><span class="line">         */</span><br><span class="line">        Method method = handlerMethod.getMethod();</span><br><span class="line">        /**</span><br><span class="line">         * 检查是否存在内容安全验证注解</span><br><span class="line">         */</span><br><span class="line">        ContentSecurity security = method.getAnnotation(ContentSecurity.class);</span><br><span class="line">        /**</span><br><span class="line">         * 存在注解做出不同方式认证处理</span><br><span class="line">         */</span><br><span class="line">        if (security != null) &#123;</span><br><span class="line">            switch (security.away())</span><br><span class="line">            &#123;</span><br><span class="line">                //DES方式内容加密处理</span><br><span class="line">                case DES:</span><br><span class="line">                    isPass = checkDES(request,response);</span><br><span class="line">                    break;</span><br><span class="line">            &#125;</span><br><span class="line">        &#125;</span><br><span class="line">        return isPass;</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    @Override</span><br><span class="line">    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception &#123;</span><br><span class="line"></span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    @Override</span><br><span class="line">    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception &#123;</span><br><span class="line"></span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    /**</span><br><span class="line">     * 检查DES方式内容</span><br><span class="line">     * @param request</span><br><span class="line">     * @param response</span><br><span class="line">     * @return</span><br><span class="line">     */</span><br><span class="line">    boolean checkDES(HttpServletRequest request,HttpServletResponse response) throws Exception</span><br><span class="line">    &#123;</span><br><span class="line">        //获取desString加密内容</span><br><span class="line">        String des = request.getParameter(ContentSecurityConstants.DES_PARAMETER_NAME);</span><br><span class="line">        logger.info(&quot;请求加密参数内容：&#123;&#125;&quot;,des);</span><br><span class="line">        /**</span><br><span class="line">         * 加密串不存在</span><br><span class="line">         */</span><br><span class="line">        if (des == null || des.length() == 0) &#123;</span><br><span class="line">            JSONObject json = new JSONObject();</span><br><span class="line">            json.put(&quot;msg&quot;,&quot;The DES Content Security Away Request , Parameter Required is &quot;+ ContentSecurityConstants.DES_PARAMETER_NAME);</span><br><span class="line">            response.getWriter().print(JSON.toJSONString(json));</span><br><span class="line">            return false;</span><br><span class="line">        &#125;</span><br><span class="line"></span><br><span class="line">        /**</span><br><span class="line">         * 存在加密串</span><br><span class="line">         * 解密DES参数列表并重新添加到request内</span><br><span class="line">         */</span><br><span class="line">        try &#123;</span><br><span class="line">            des = DES3Util.decrypt(des, DES3Util.DESKEY,&quot;UTF-8&quot;);</span><br><span class="line"></span><br><span class="line">            if (!StringUtils.isEmpty(des)) &#123;</span><br><span class="line"></span><br><span class="line">                JSONObject params = JSON.parseObject(des);</span><br><span class="line"></span><br><span class="line">                logger.info(&quot;解密请求后获得参数列表  &gt;&gt;&gt; &#123;&#125;&quot;, des);</span><br><span class="line">                Iterator it = params.keySet().iterator();</span><br><span class="line">                while (it.hasNext()) &#123;</span><br><span class="line">                    /**</span><br><span class="line">                     * 获取请求参数名称</span><br><span class="line">                     */</span><br><span class="line">                    String parameterName = it.next().toString();</span><br><span class="line">                    /**</span><br><span class="line">                     * 参数名称不为空时将值设置到request对象内</span><br><span class="line">                     * key=&gt;value</span><br><span class="line">                     */</span><br><span class="line">                    if (!StringUtils.isEmpty(parameterName)) &#123;</span><br><span class="line">                        request.setAttribute(ContentSecurityConstants.ATTRIBUTE_PREFFIX + parameterName,params.get(parameterName));</span><br><span class="line">                    &#125;</span><br><span class="line">                &#125;</span><br><span class="line">            &#125;</span><br><span class="line">        &#125;catch (Exception e)</span><br><span class="line">        &#123;</span><br><span class="line">            logger.error(e.getMessage());</span><br><span class="line">            JSONObject json = new JSONObject();</span><br><span class="line">            json.put(&quot;msg&quot;,&quot;The DES Content Security Error.&quot;+ContentSecurityConstants.DES_PARAMETER_NAME);</span><br><span class="line">            response.getWriter().print(JSON.toJSONString(json));</span><br><span class="line">            return false;</span><br><span class="line">        &#125;</span><br><span class="line">        return true;</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure></p>
<p>在上面的代码<code>preHandle</code>方法中，拦截器首先判断当前请求方法是否包含<code>ContentSecurity</code>自定义安全注解，如果存在则是证明了该方法需要我们做安全解密，客户端传递参数的时候应该是已经按照预先定于的规则进行加密处理的。</p>
<p>接下来就是根据配置的加密方式进行<code>ContentSecurityAway</code>枚举类型<code>switch case</code>选择，根据不同的配置执行不同的解密方法。</p>
<p>因为我们的<code>ContentSecurityAway`注解内仅配置了</code>DES<code>方式，我们就来看看</code>checkDES``方法是怎么与客户端传递参数的约定，当然这个约定这里只是一个示例，如果你的项目需要更复杂的加密形式直接进行修改就可以了。</p>
<p>上面代码中最主要的一部分则是，如下所示：<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br></pre></td><td class="code"><pre><span class="line">...省略部分代码</span><br><span class="line">des = DES3Util.decrypt(des, DES3Util.DESKEY,&quot;UTF-8&quot;);</span><br><span class="line"></span><br><span class="line">            if (!StringUtils.isEmpty(des)) &#123;</span><br><span class="line"></span><br><span class="line">                JSONObject params = JSON.parseObject(des);</span><br><span class="line"></span><br><span class="line">                logger.info(&quot;解密请求后获得参数列表  &gt;&gt;&gt; &#123;&#125;&quot;, des);</span><br><span class="line">                Iterator it = params.keySet().iterator();</span><br><span class="line">                while (it.hasNext()) &#123;</span><br><span class="line">                    /**</span><br><span class="line">                     * 获取请求参数名称</span><br><span class="line">                     */</span><br><span class="line">                    String parameterName = it.next().toString();</span><br><span class="line">                    /**</span><br><span class="line">                     * 参数名称不为空时将值设置到request对象内</span><br><span class="line">                     * key=&gt;value</span><br><span class="line">                     */</span><br><span class="line">                    if (!StringUtils.isEmpty(parameterName)) &#123;</span><br><span class="line">                        request.setAttribute(ContentSecurityConstants.ATTRIBUTE_PREFFIX + parameterName,params.get(parameterName));</span><br><span class="line">                    &#125;</span><br><span class="line">                &#125;</span><br><span class="line">            &#125;</span><br><span class="line">....省略部分代码</span><br></pre></td></tr></table></figure></p>
<blockquote>
<p>在平时，客户端发起请求时参数都是在<code>HttpServletRequest</code>对象的<code>Parameter</code>内，如果我们做出解密后是无法再次将参数存放到<code>Parameter</code>内的，因为不可修改，<code>HttpServletRequest</code>不允许让这么处理参数，也是防止请求参数被篡改！</p>
</blockquote>
<p>既然这种方式不可以，那么我就采用<code>Attribute</code>方式设置，将加密字符串解密完成获取相应参数后，将每一个参数设置的<code>Attribute</code>请求属性集合内，这里你可能会有一个疑问，我们什么时候获取<code>Attribute</code>的值呢？</p>
<p>其实在上面代码<code>ContentSecurityMethodArgumentResolver</code>类内的方法<code>bindRequestAttributes</code>内，我们就已经从<code>Attribute</code>获取所有的属性列表，然后通过<code>反射机制</code>设置到配置<code>ContentSecurityAttribute</code>安全注解属性的参数对象内，然而我们这种方式目前是仅仅支持<code>实体类</code>，而基本数据封装类型目前没有做处理。</p>
<blockquote>
<p>这样在处理完成反射对象设置对应字段的属性后。然后通过<code>resolveArgument</code>方法将参数对象实例返回就完成了参数的自定义装载过程。</p>
</blockquote>
<h4 id="处理参数数据验证"><a href="#处理参数数据验证" class="headerlink" title="处理参数数据验证"></a>处理参数数据验证</h4><p>我们既然自定义了参数装载，当然不能忘记处理参数的验证机制，这也是<code>Spring MVC</code>引以为傲的功能模块之一，<code>Spring MVC Validator</code>其实是采用了<code>Hibernate Validator</code>机制完成的数据验证，我们只需要判断参数是否存在<code>@Valid</code>注解是否存在，如果存在则去执行<code>WebDataBinder</code>的<code>validate</code>方法就可以完成数据有效性验证，相关代码如下所示：<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br></pre></td><td class="code"><pre><span class="line">/**</span><br><span class="line">     * Validate the model attribute if applicable.</span><br><span class="line">     * &lt;p&gt;The default implementation checks for &#123;@code @javax.validation.Valid&#125;.</span><br><span class="line">     *</span><br><span class="line">     * @param binder    the DataBinder to be used</span><br><span class="line">     * @param parameter the method parameter</span><br><span class="line">     */</span><br><span class="line">    protected void validateIfApplicable(WebDataBinder binder, MethodParameter parameter) &#123;</span><br><span class="line">        Annotation[] annotations = parameter.getParameterAnnotations();</span><br><span class="line">        for (Annotation annot : annotations) &#123;</span><br><span class="line">            if (annot.annotationType().getSimpleName().startsWith(&quot;Valid&quot;)) &#123;</span><br><span class="line">                Object hints = AnnotationUtils.getValue(annot);</span><br><span class="line">                binder.validate(hints instanceof Object[] ? (Object[]) hints : new Object[]&#123;hints&#125;);</span><br><span class="line">            &#125;</span><br><span class="line">        &#125;</span><br><span class="line">    &#125;</span><br></pre></td></tr></table></figure></p>
<p>上述代码同样是位于<code>ContentSecurityMethodArgumentResolver</code>参数装载类内，到目前为止我们的参数状态从<code>拦截  &gt;  验证  &gt;  装载</code>一整个过程已经编写完成，下面我们配置下相关的拦截器以及安全参数装载让<code>SpringBoot</code>框架支持。</p>
<h4 id="WebMvcConfiguration"><a href="#WebMvcConfiguration" class="headerlink" title="WebMvcConfiguration"></a>WebMvcConfiguration</h4><p>先把拦截器进行配置下，代码如下所示：<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br></pre></td><td class="code"><pre><span class="line">package com.yuqiyu.chapter37;</span><br><span class="line"></span><br><span class="line">import com.yuqiyu.chapter37.interceptor.ContentSecurityInterceptor;</span><br><span class="line">import com.yuqiyu.chapter37.resovler.ContentSecurityMethodArgumentResolver;</span><br><span class="line">import org.springframework.context.annotation.Configuration;</span><br><span class="line">import org.springframework.web.method.support.HandlerMethodArgumentResolver;</span><br><span class="line">import org.springframework.web.servlet.config.annotation.InterceptorRegistry;</span><br><span class="line">import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;</span><br><span class="line"></span><br><span class="line">import java.util.List;</span><br><span class="line"></span><br><span class="line">/**</span><br><span class="line"> * springmvc 注解式配置类</span><br><span class="line"> * ========================</span><br><span class="line"> * Created with IntelliJ IDEA.</span><br><span class="line"> * User：恒宇少年</span><br><span class="line"> * Date：2017/9/16</span><br><span class="line"> * Time：22:15</span><br><span class="line"> * 码云：http://git.oschina.net/jnyqy</span><br><span class="line"> * ========================</span><br><span class="line"> */</span><br><span class="line">@Configuration</span><br><span class="line">public class WebMvcConfiguration</span><br><span class="line">    extends WebMvcConfigurerAdapter</span><br><span class="line">&#123;</span><br><span class="line">    /**</span><br><span class="line">     * 配置拦截器</span><br><span class="line">     * @param registry</span><br><span class="line">     */</span><br><span class="line">    @Override</span><br><span class="line">    public void addInterceptors(InterceptorRegistry registry) &#123;</span><br><span class="line">        registry.addInterceptor(new ContentSecurityInterceptor()).addPathPatterns(&quot;/**&quot;);</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure></p>
<p>我们配置安全拦截器拦截所有<code>/**</code>根下的请求。下面配置下参数装载，在<code>WebMvcConfigurerAdapter</code>抽象类内有一个方法<code>addArgumentResolvers</code>就可以完成自定义参数装载配置，代码如下所示：<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line">/**</span><br><span class="line"> * 添加参数装载</span><br><span class="line"> * @param argumentResolvers</span><br><span class="line"> */</span><br><span class="line">@Override</span><br><span class="line">public void addArgumentResolvers(List&lt;HandlerMethodArgumentResolver&gt; argumentResolvers) &#123;</span><br><span class="line">    /**</span><br><span class="line">     * 将自定义的参数装载添加到spring内托管</span><br><span class="line">     */</span><br><span class="line">    argumentResolvers.add(new ContentSecurityMethodArgumentResolver());</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure></p>
<p>就这么简单了就配置完成了。</p>
<h2 id="测试安全请求"><a href="#测试安全请求" class="headerlink" title="测试安全请求"></a>测试安全请求</h2><h4 id="添加测试实体"><a href="#添加测试实体" class="headerlink" title="添加测试实体"></a>添加测试实体</h4><p>测试实体代码如下所示：<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br></pre></td><td class="code"><pre><span class="line">package com.yuqiyu.chapter37.bean;</span><br><span class="line"></span><br><span class="line">import lombok.Data;</span><br><span class="line">import org.hibernate.validator.constraints.NotEmpty;</span><br><span class="line"></span><br><span class="line">import javax.validation.constraints.Min;</span><br><span class="line"></span><br><span class="line">/**</span><br><span class="line"> * ========================</span><br><span class="line"> * Created with IntelliJ IDEA.</span><br><span class="line"> * User：恒宇少年</span><br><span class="line"> * Date：2017/10/14</span><br><span class="line"> * Time：10:41</span><br><span class="line"> * 码云：http://git.oschina.net/jnyqy</span><br><span class="line"> * ========================</span><br><span class="line"> */</span><br><span class="line">@Data</span><br><span class="line">public class StudentEntity &#123;</span><br><span class="line">    //学生姓名</span><br><span class="line">    @NotEmpty</span><br><span class="line">    private String name;</span><br><span class="line"></span><br><span class="line">    //年龄</span><br><span class="line">    @Min(value = 18,message = &quot;年龄最小18岁&quot;)</span><br><span class="line">    private int age;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure></p>
<p>在上述测试实体类内我们添加了两个属性，<code>name</code>、<code>age</code>，其中都做了验证注解配置，那我们下面就针对该实体添加一个控制器方法来进行测试安全参数装载。</p>
<h4 id="测试控制器"><a href="#测试控制器" class="headerlink" title="测试控制器"></a>测试控制器</h4><p>创建一个<code>IndexController</code>控制器，具体代码如下所示：<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br></pre></td><td class="code"><pre><span class="line">package com.yuqiyu.chapter37.controller;</span><br><span class="line"></span><br><span class="line">import com.alibaba.fastjson.JSON;</span><br><span class="line">import com.yuqiyu.chapter37.annotation.ContentSecurity;</span><br><span class="line">import com.yuqiyu.chapter37.annotation.ContentSecurityAttribute;</span><br><span class="line">import com.yuqiyu.chapter37.bean.StudentEntity;</span><br><span class="line">import org.springframework.web.bind.annotation.RequestMapping;</span><br><span class="line">import org.springframework.web.bind.annotation.RestController;</span><br><span class="line"></span><br><span class="line">import javax.validation.Valid;</span><br><span class="line"></span><br><span class="line">/**</span><br><span class="line"> * 表单提交控制器</span><br><span class="line"> * ========================</span><br><span class="line"> * Created with IntelliJ IDEA.</span><br><span class="line"> * User：恒宇少年</span><br><span class="line"> * Date：2017/9/16</span><br><span class="line"> * Time：22:26</span><br><span class="line"> * 码云：http://git.oschina.net/jnyqy</span><br><span class="line"> * ========================</span><br><span class="line"> */</span><br><span class="line">@RestController</span><br><span class="line">public class IndexController</span><br><span class="line">&#123;</span><br><span class="line">    /**</span><br><span class="line">     *</span><br><span class="line">     * @param student</span><br><span class="line">     * @return</span><br><span class="line">     * @throws Exception</span><br><span class="line">     */</span><br><span class="line">    @RequestMapping(value = &quot;/submit&quot;)</span><br><span class="line">    @ContentSecurity</span><br><span class="line">    public String security</span><br><span class="line">            (@ContentSecurityAttribute(&quot;student&quot;) @Valid StudentEntity student)</span><br><span class="line">            throws Exception</span><br><span class="line">    &#123;</span><br><span class="line">        System.out.println(JSON.toJSON(student));</span><br><span class="line"></span><br><span class="line">        return &quot;SUCCESS&quot;;</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure></p>
<p>在<code>IndexController</code>控制器内添加一个名为<code>submit</code>的方法，该方法上我们配置了<code>@ContentSecurity</code>安全拦截注解，也就是会走<code>ContentSecurityInterceptor</code>解密逻辑，在参数<code>StudentEntity</code>上配置了两个注解，分别是：<code>@ContentSecurityAttribute</code>、<code>@Valid</code>，其中<code>@ContentSecurityAttribute</code>则是指定了与参数<code>student</code>同样的值，也就意味着参数装载时会直接将对应属性的值设置到<code>student</code>内。</p>
<h4 id="编写测试"><a href="#编写测试" class="headerlink" title="编写测试"></a>编写测试</h4><p>我们在项目创建时添加的<code>Chapter37ApplicationTests</code>测试类内写一个简单的测试用例，代码如下所示：<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br></pre></td><td class="code"><pre><span class="line">package com.yuqiyu.chapter37;</span><br><span class="line"></span><br><span class="line">import com.alibaba.fastjson.JSON;</span><br><span class="line">import com.yuqiyu.chapter37.constants.ContentSecurityConstants;</span><br><span class="line">import com.yuqiyu.chapter37.utils.DES3Util;</span><br><span class="line">import org.junit.Assert;</span><br><span class="line">import org.junit.Before;</span><br><span class="line">import org.junit.Test;</span><br><span class="line">import org.junit.runner.RunWith;</span><br><span class="line">import org.springframework.beans.factory.annotation.Autowired;</span><br><span class="line">import org.springframework.boot.test.context.SpringBootTest;</span><br><span class="line">import org.springframework.test.context.junit4.SpringRunner;</span><br><span class="line">import org.springframework.test.web.servlet.MockMvc;</span><br><span class="line">import org.springframework.test.web.servlet.MvcResult;</span><br><span class="line">import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;</span><br><span class="line">import org.springframework.test.web.servlet.result.MockMvcResultHandlers;</span><br><span class="line">import org.springframework.test.web.servlet.setup.MockMvcBuilders;</span><br><span class="line">import org.springframework.web.context.WebApplicationContext;</span><br><span class="line"></span><br><span class="line">import java.util.HashMap;</span><br><span class="line"></span><br><span class="line">@RunWith(SpringRunner.class)</span><br><span class="line">@SpringBootTest</span><br><span class="line">public class Chapter37ApplicationTests &#123;</span><br><span class="line"></span><br><span class="line">    @Autowired</span><br><span class="line">    private WebApplicationContext wac;</span><br><span class="line">    MockMvc mockMvc;</span><br><span class="line"></span><br><span class="line">    @Before</span><br><span class="line">    public void _init()</span><br><span class="line">    &#123;</span><br><span class="line">        mockMvc = MockMvcBuilders.webAppContextSetup(wac).build();</span><br><span class="line">    &#125;</span><br><span class="line"></span><br><span class="line">    /**</span><br><span class="line">     * 测试提交安全加密数据</span><br><span class="line">     * @throws Exception</span><br><span class="line">     */</span><br><span class="line">    @Test</span><br><span class="line">    public void testSubmit() throws Exception</span><br><span class="line">    &#123;</span><br><span class="line">        //参数列表</span><br><span class="line">        HashMap params = new HashMap();</span><br><span class="line">        params.put(&quot;name&quot;,&quot;hengyu&quot;);</span><br><span class="line">        params.put(&quot;age&quot;,20);</span><br><span class="line"></span><br><span class="line">        //json转换字符串后进行加密</span><br><span class="line">        String des = DES3Util.encrypt(JSON.toJSONString(params), DES3Util.DESKEY,&quot;UTF-8&quot;);</span><br><span class="line"></span><br><span class="line">        MvcResult result = mockMvc.perform(</span><br><span class="line">                MockMvcRequestBuilders.post(&quot;/submit&quot;)</span><br><span class="line">                .param(ContentSecurityConstants.DES_PARAMETER_NAME,des)</span><br><span class="line">        )</span><br><span class="line">                .andDo(MockMvcResultHandlers.print())</span><br><span class="line">//              .andDo(MockMvcResultHandlers.log())</span><br><span class="line">                .andReturn();</span><br><span class="line"></span><br><span class="line">        result.getResponse().setCharacterEncoding(&quot;UTF-8&quot;);</span><br><span class="line"></span><br><span class="line">        System.out.println(result.getResponse().getContentAsString());</span><br><span class="line"></span><br><span class="line">        Assert.assertEquals(&quot;请求失败&quot;,result.getResponse().getStatus(),200);</span><br><span class="line"></span><br><span class="line">        Assert.assertEquals(&quot;提交失败&quot;,result.getResponse().getContentAsString(),&quot;SUCCESS&quot;);</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure></p>
<p>我们将参数使用<code>DES</code>加密进行处理，传递加密后的参数名字与拦截器解密方法实现了一致，这样在解密时才会得到相应的值，上面代码中我们参数传递都是正常的，我们运行下测试方法看下控制台输出，如下所示：<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">....省略其他输出</span><br><span class="line">2017-10-16 22:05:04.883  INFO 9736 --- [           main] c.y.c.i.ContentSecurityInterceptor       : 请求加密参数内容：A8PZVavK1EhP0khHShkab/MvCuj+JJle0Ou+GdiPdYo=</span><br><span class="line">2017-10-16 22:05:04.918  INFO 9736 --- [           main] c.y.c.i.ContentSecurityInterceptor       : 解密请求后获得参数列表  &gt;&gt;&gt; &#123;&quot;name&quot;:&quot;hengyu&quot;,&quot;age&quot;:20&#125;</span><br><span class="line">2017-10-16 22:05:04.935  INFO 9736 --- [           main] .r.ContentSecurityMethodArgumentResolver : 映射安全字段：name，字段类型：String，字段内容：hengyu</span><br><span class="line">2017-10-16 22:05:04.935  INFO 9736 --- [           main] .r.ContentSecurityMethodArgumentResolver : 映射安全字段：age，字段类型：int，字段内容：20</span><br><span class="line">&#123;&quot;name&quot;:&quot;hengyu&quot;,&quot;age&quot;:20&#125;</span><br><span class="line">SUCCESS</span><br><span class="line">....省略其他输出</span><br></pre></td></tr></table></figure></p>
<p>可以看到已经成功了完成了安全参数的装载，并且将参数映射相应的日志进行了打印，我们既然已经配置了<code>@Valid</code>数据有效校验，下面我们测试是否生效！</p>
<p>我们将参数age修改为<code>16</code>，我们配置的验证注解的内容为<code>@Min(18)</code>，如果设置成16则请求返回的<code>statusCode</code>应该是<code>400</code>，下面我们再来运行下测试方法，查看控制台输出：<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">....省略部分输出</span><br><span class="line">Resolved Exception:</span><br><span class="line">             Type = org.springframework.validation.BindException</span><br><span class="line">......</span><br><span class="line">java.lang.AssertionError: 请求失败 </span><br><span class="line">Expected :400</span><br><span class="line">Actual   :200</span><br><span class="line">.....省略部分输出</span><br></pre></td></tr></table></figure></p>
<p>确实如我们想的一样，请求所抛出的异常也正是<code>BindException</code>，参数绑定异常！</p>
<h1 id="总结"><a href="#总结" class="headerlink" title="总结"></a>总结</h1><p>本章内容代码比较多，主要目的就只有一个，就是统一完成请求安全参数解密，让我们更专注与业务逻辑，省下单独处理加密参数的时间以至于提高我们的开发效率！</p>
<p>本章代码已经上传到码云：<br>SpringBoot配套源码地址：<a href="https://gitee.com/hengboy/spring-boot-chapter" target="_blank" rel="noopener">https://gitee.com/hengboy/spring-boot-chapter</a><br>SpringCloud配套源码地址：<a href="https://gitee.com/hengboy/spring-cloud-chapter" target="_blank" rel="noopener">https://gitee.com/hengboy/spring-cloud-chapter</a><br>SpringBoot相关系列文章请访问：<a href="http://www.jianshu.com/p/9a08417e4e84" target="_blank" rel="noopener">目录：SpringBoot学习目录</a><br>QueryDSL相关系列文章请访问：<a href="http://www.jianshu.com/p/99a5ec5c3bd5" target="_blank" rel="noopener">QueryDSL通用查询框架学习目录</a><br>SpringDataJPA相关系列文章请访问：<a href="http://www.jianshu.com/p/615ed9c1fe84" target="_blank" rel="noopener">目录：SpringDataJPA学习目录</a><br>感谢阅读！<br>欢迎加入QQ技术交流群，共同进步。<br><img src="http://upload-images.jianshu.io/upload_images/4461954-f1d4cb64234b160a.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240" alt="QQ技术交流群"></p>

        
        </div>
        <footer class="article-footer">
            <div class="share-container">


    <div class="bdsharebuttonbox">
    <a href="#" class="bds_more" data-cmd="more">分享到：</a>
    <a href="#" class="bds_qzone" data-cmd="qzone" title="分享到QQ空间">QQ空间</a>
    <a href="#" class="bds_tsina" data-cmd="tsina" title="分享到新浪微博">新浪微博</a>
    <a href="#" class="bds_tqq" data-cmd="tqq" title="分享到腾讯微博">腾讯微博</a>
    <a href="#" class="bds_renren" data-cmd="renren" title="分享到人人网">人人网</a>
    <a href="#" class="bds_weixin" data-cmd="weixin" title="分享到微信">微信</a>
</div>
<script>
window._bd_share_config={"common":{"bdSnsKey":{},"bdText":"","bdMini":"2","bdMiniList":false,"bdPic":"","bdStyle":"0","bdSize":"16"},"share":{"bdSize":16}};with(document)0[(getElementsByTagName('head')[0]||body).appendChild(createElement('script')).src='http://bdimg.share.baidu.com/static/api/js/share.js?v=89860593.js?cdnversion='+~(-new Date()/36e5)];
</script>
<style>
    .bdshare_popup_box {
        border-radius: 4px;
        border: #e1e1e1 solid 1px;
    }
    .bdshare-button-style0-16 a,
    .bdshare-button-style0-16 .bds_more {
        padding-left: 20px;
        margin: 6px 10px 6px 0;
    }
    .bdshare_dialog_list a,
    .bdshare_popup_list a,
    .bdshare_popup_bottom a {
        font-family: 'Microsoft Yahei';
    }
    .bdshare_popup_top {
        display: none;
    }
    .bdshare_popup_bottom {
        height: auto;
        padding: 5px;
    }
</style>


</div>

            
    

        </footer>
    </div>
    
        
<nav id="article-nav">
    
        <a href="/spring-boot-chapter-38/" id="article-nav-newer" class="article-nav-link-wrap">
            <strong class="article-nav-caption">上一篇</strong>
            <div class="article-nav-title">
                
                    第三十八章：基于SpringBoot架构使用Profile完成打包环境分离
                
            </div>
        </a>
    
    
        <a href="/spring-boot-chapter-36/" id="article-nav-older" class="article-nav-link-wrap">
            <strong class="article-nav-caption">下一篇</strong>
            <div class="article-nav-title">第三十六章：基于SpringBoot架构重写SpringMVC请求参数装载</div>
        </a>
    
</nav>


    
</article>


    
    

</section>
            
			
				
<aside id="sidebar">
   
        
    <div class="widget-wrap">
        <h3 class="widget-title">最新文章</h3>
        <div class="widget">
            <ul id="recent-post" class="no-thumbnail">
                
                    <li>
                        
                        <div class="item-inner">
                            <p class="item-category"><a class="article-category-link" href="/categories/SpringBoot-核心技术/">SpringBoot 核心技术</a></p>
                            <p class="item-title"><a href="/spring-boot-chapter-52/" class="title">第五十二章：基于SpringBoot2使用Rest访问MongoDB数据</a></p>
                            <p class="item-date"><time datetime="2018-04-21T16:00:00.000Z" itemprop="datePublished">2018-04-22</time></p>
                        </div>
                    </li>
                
                    <li>
                        
                        <div class="item-inner">
                            <p class="item-category"><a class="article-category-link" href="/categories/SpringBoot-核心技术/">SpringBoot 核心技术</a></p>
                            <p class="item-title"><a href="/spring-boot-chapter-51/" class="title">第五十一章：基于SpringBoot2 &amp; MongoDB完成自动化集成</a></p>
                            <p class="item-date"><time datetime="2018-04-15T16:00:00.000Z" itemprop="datePublished">2018-04-16</time></p>
                        </div>
                    </li>
                
                    <li>
                        
                        <div class="item-inner">
                            <p class="item-category"><a class="article-category-link" href="/categories/SpringBoot-核心技术/">SpringBoot 核心技术</a></p>
                            <p class="item-title"><a href="/spring-boot-chapter-50/" class="title">第五十章：SpringBoot2.0新特性 - 岂止至今最简单redis缓存集成</a></p>
                            <p class="item-date"><time datetime="2018-04-14T16:00:00.000Z" itemprop="datePublished">2018-04-15</time></p>
                        </div>
                    </li>
                
                    <li>
                        
                        <div class="item-inner">
                            <p class="item-category"><a class="article-category-link" href="/categories/SpringBoot-核心技术/">SpringBoot 核心技术</a></p>
                            <p class="item-title"><a href="/spring-boot-chapter-49/" class="title">第四十九章：SpringBoot2.0新特性 - 你get到WebMvcConfigurer两种配置方式了吗？</a></p>
                            <p class="item-date"><time datetime="2018-03-16T16:00:00.000Z" itemprop="datePublished">2018-03-17</time></p>
                        </div>
                    </li>
                
                    <li>
                        
                        <div class="item-inner">
                            <p class="item-category"><a class="article-category-link" href="/categories/SpringBoot-核心技术/">SpringBoot 核心技术</a></p>
                            <p class="item-title"><a href="/spring-boot-chapter-48/" class="title">第四十八章：SpringBoot2.0新特性 - RabbitMQ信任package设置</a></p>
                            <p class="item-date"><time datetime="2018-03-12T16:00:00.000Z" itemprop="datePublished">2018-03-13</time></p>
                        </div>
                    </li>
                
            </ul>
        </div>
    </div>

    
        
    <div class="widget-wrap">
        <h3 class="widget-title">分类</h3>
        <div class="widget">
            <ul class="category-list"><li class="category-list-item"><a class="category-list-link" href="/categories/QueryDSL-核心技术/">QueryDSL 核心技术</a><span class="category-list-count">7</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/SpringBoot-核心技术/">SpringBoot 核心技术</a><span class="category-list-count">36</span></li></ul>
        </div>
    </div>

    
        
    <div class="widget-wrap">
        <h3 class="widget-title">归档</h3>
        <div class="widget">
            <ul class="archive-list"><li class="archive-list-item"><a class="archive-list-link" href="/archives/2018/04/">四月 2018</a><span class="archive-list-count">3</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2018/03/">三月 2018</a><span class="archive-list-count">4</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2018/01/">一月 2018</a><span class="archive-list-count">1</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/12/">十二月 2017</a><span class="archive-list-count">4</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/11/">十一月 2017</a><span class="archive-list-count">2</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/10/">十月 2017</a><span class="archive-list-count">2</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/09/">九月 2017</a><span class="archive-list-count">4</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/08/">八月 2017</a><span class="archive-list-count">4</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/07/">七月 2017</a><span class="archive-list-count">9</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/06/">六月 2017</a><span class="archive-list-count">2</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/05/">五月 2017</a><span class="archive-list-count">3</span></li><li class="archive-list-item"><a class="archive-list-link" href="/archives/2017/04/">四月 2017</a><span class="archive-list-count">5</span></li></ul>
        </div>
    </div>

    
        
    <div class="widget-wrap">
        <h3 class="widget-title">标签</h3>
        <div class="widget">
            <ul class="tag-list"><li class="tag-list-item"><a class="tag-list-link" href="/tags/QueryDSL/">QueryDSL</a><span class="tag-list-count">7</span></li><li class="tag-list-item"><a class="tag-list-link" href="/tags/SpringBoot/">SpringBoot</a><span class="tag-list-count">43</span></li></ul>
        </div>
    </div>

    
        
    <div class="widget-wrap">
        <h3 class="widget-title">标签云</h3>
        <div class="widget tagcloud">
            <a href="/tags/QueryDSL/" style="font-size: 10px;">QueryDSL</a> <a href="/tags/SpringBoot/" style="font-size: 20px;">SpringBoot</a>
        </div>
    </div>

    
        
    <div class="widget-wrap widget-list">
        <h3 class="widget-title">链接</h3>
        <div class="widget">
            <ul>
                
                    <li>
     				<a href="http://hexo.io" target="_blank">Hexo</a>
					</li>
                
            </ul>
        </div>
    </div>


    
    <div id="toTop" class="fa fa-angle-up"></div>
</aside>

				
        </div>
        <!--引入不蒜子-->
<script async src="//dn-lbstatics.qbox.me/busuanzi/2.3/busuanzi.pure.mini.js"></script>
<footer id="footer">
    <div class="outer">
        <div id="footer-info" class="inner">
            <span  id="busuanzi_container_site_pv">本站总访问量<span id="busuanzi_value_site_pv"></span>次</span>
            &copy; 2017 - 2018 恒宇少年 - 版权所有<br>
        </div>
    </div>
</footer>

        


    
        <script src="/libs/lightgallery/js/lightgallery.min.js"></script>
        <script src="/libs/lightgallery/js/lg-thumbnail.min.js"></script>
        <script src="/libs/lightgallery/js/lg-pager.min.js"></script>
        <script src="/libs/lightgallery/js/lg-autoplay.min.js"></script>
        <script src="/libs/lightgallery/js/lg-fullscreen.min.js"></script>
        <script src="/libs/lightgallery/js/lg-zoom.min.js"></script>
        <script src="/libs/lightgallery/js/lg-hash.min.js"></script>
        <script src="/libs/lightgallery/js/lg-share.min.js"></script>
        <script src="/libs/lightgallery/js/lg-video.min.js"></script>
    
    
        <script src="/libs/justified-gallery/jquery.justifiedGallery.min.js"></script>
    
    



<!-- Custom Scripts -->
<script src="/js/main.js"></script>

    </div>
</body>
</html>